外文文献计算机网络安全和防范.docx

附录一 翻译computer network security and to guard against abstract: when mankind entered the 21st century information society, the network society of the time, china will establish a complete set of network security system, especially from the policy and law to establish chinas own characteristics, network security system. key words: computer; network; security; prevent in the information age, information can help groups or individuals so that they benefit from, the same information can also be used to pose a threat to them, caused damage. therefore network security, including the composition of network hardware, software and network transmission of information security, so that they do not because of accidental or malicious destruction of the attacks, network security not only the technical aspects, but also management issues, both complement each other, are indispensable. first, the concept of computer network security international organization for standardization of computer security is defined as: to establish a data processing system and the adoption of technology and management of security protection, the protection of computer hardware, software, data is not due to accidental and malicious destruction of reasons, change and leakage. the above definition of computer security includes physical security and logical security of both the contents of the contents of the logic of security could be understood as we often say that the information security, information refers to the confidentiality, integrity and availability of protection, and network security information security is the meaning of the extension, that network security is a network of information confidentiality, integrity and availability protection. computer network security as the specific meaning of the user changes, the user is different on the network security awareness and requirements will be different. from the ordinary users point of view, could only hope that personal privacy or confidential information transmission on the network be protected against eavesdropping, tampering and forgery; and network provider in addition to care about these network information security, we must also consider how to deal with sudden natural disasters, such as military strikes against the destruction of network hardware, as well as unusual in the network how to restore network communications, and maintain the continuity of network communications. in essence, the network security, including the composition of network hardware, software and network transmission of information security, so that they do not because of accidental or malicious attacks on the destruction of both the technical aspects of network security issues, there are management issues, the two sides complement each other, are indispensable. man-made network intrusion and attacks makes network security is facing new challenges. second, computer network security status quo computer network security is the network hardware, software and data systems are protected from accidental or malicious destruction of reasons, alteration, disclosure, the system continuous, reliable, normal operation of network services without disruption. computer and network technology has the complexity and diversity, makes computer and network security has become a need to continue to update and improve the area. at present, hackers method has been more than the type of computer virus, and many attacks are fatal. in the internet network, because the internet does not have the time and geographical constraints, whenever there is a means to generate new attacks, we can in a week around the world, these attacks means the use of network and system vulnerabilities to attack computer systems and resulting in network paralysis. worms, backdoor (back-doors), rootkits, dos (denialofservices) and sniffer (network monitor) is a familiar means of several hacker attacks. however, none of these attacks means they reflect the astonishing power of today become worse. these types of attacks means the new variant, with previous attacks appeared methods, more intelligent, targeted against internet-based protocols and operating system level. from the web process control procedures to the kernel-level rootlets. hackers practices escalating renovation, to the users ability to guard against information security challenge. third, computer network security precautions 1, to strengthen the internal network management and the use of safety awareness among staff, many computer systems commonly used passwords to control access to system resources, which is anti-virus process, the most vulnerable and the most economical methods. network administrator and terminal operator privileges in accordance with their responsibilities, choose a different password for the application data legitimate operation, to prevent unauthorized users to access the data and the use of network resources. on the network, software installation and management is crucial, it is not only related to network maintenance and management efficiency and quality, but also to the network security. a good antivirus software can be easily installed within minutes to the organization each nt server can also be downloaded and spread to all the purpose of the machine by the network administrator set up and manage to focus, it will work with the operating system and other security is closely linked to become a part of network security management, and automatically provide the best network virus defensive measures. when the computer virus on-line resources applications attack, such as the virus exists in the information-sharing network of media, it is necessary to the security at the gateway, on the network front-end for antivirus. 2, network firewall technology is a kind of used to strengthen the network access control to prevent the external network users to illegal means to enter the external network through the internal network, access internal network resources and protect the internal network operating environment special for network interconnection devices. it is between two or more networks such as packet transmission link in accordance with a certain degree of security strategy to implement the inspection, to determine whether the network communication between are allowed to, and monitor the network running. although the firewall is to protect the network from an effective means of hacking, but there are obviously inadequate: through the firewall can not protect against outside attack other means, can not prevent defectors from the inside and inadvertent threats posed by users, but also can not completely prevent the transmission of the virus have been infected with the software or documents, and can not protect against data-driven attacks. 3, security encryption technology encryption technology for the global e-commerce to provide a guarantee, so that internet-based electronic trading system has become possible, thus improving the symmetric encryption and asymmetric encryption technology is still the mainstream of the 21st century. symmetric encryption to the conventional password-based technology, computing encryption and decryption operations use the same key. asymmetric encryption, encryption key that is different from the decryption key, encryption keys are made public, anyone can use, only the decryption key to decrypt people know. 4, the network host operating system security and physical security measures network firewall as the first line of defense and can not fully protect the internal network, must be combined with other measures to improve the safety of the system level. after the firewall is based on the network host operating system security and physical security measures. in accordance with the level from low to high, namely, the physical security of the host system, the core operating system security, system security, application services security and file system security; at the same time, host security checks and bug fixes, as well as a backup safety system as a supplementary safety measures. these constitute the entire network system, the second line of defense, the main part of a breakthrough to prevent the firewall as well as attacks from within. system backup is the last line of defense network system, used to attack after the system restore. the firewall and host security measures is the overall system security by auditing, intrusion detection and response processor constitute the overall safety inspection and response measures. it from the network system firewall, network host or even directly from the network link layer on the extraction of network status information, as input to the intrusion detection subsystem. intrusion detection system in accordance with certain rules to determine whether there is any invasion of the incident, if the invasion occurred, the emergency treatment measures, and generate a warning message. moreover, the systems security audit also can be used as the future consequences of aggressive behavior and to deal with security policy on the system to improve sources of information. in short, network security is a comprehensive issue, involving technology, management, use and many other aspects, including both its own information system security issues, there are physical and logical technical measures, a kind of technology can only solve the problem on the one hand, rather than a panacea. to this end the establishment of a network with chinese characteristics, security system, the need for national policies and regulations to support and joint research and development group. security and anti-security like two sides of contradictions, always pick-up, so the security industry is a future with the development of new technologies and the continuous development of industry. 计算机网络安全和防范 摘要：当人类跨入21世纪的信息社会，网络社会的时候，我国将建立一套完整的网络安全系统，特别是从政策和法律，建立我国自己的特点，网络安全系统。 关键词：计算机;网络;安全;防止 在信息时代，信息可以帮助团体或个人，使他们从中受益，同样的信息也可以被用来威胁到他们，造成的损失。因此，网络安全，包括组成的网络硬件，软件和网络传输的信息安全，使他们不因意外或恶意破坏的攻击，网络安全不仅是技术方面，而且还管理问题，既相互补充另一方面，是不可或缺的。 首先，概念的计算机网络安全 国际标准化组织的“计算机安全”的定义是： “要建立一个数据处理系统，并通过技术和管理的安全保护，保护计算机硬件，软件，数据不因偶然和恶意破坏的原因，更改和泄漏。 “上述定义的计算机安全包括人身安全和逻辑安全性的内容的内容的逻辑，安全可被理解为我们常说，信息安全，是指信息的保密性，完整性和可用性的保护，网络保障信息安全的含义是延长，这是一个网络安全的信息网络的保密性，完整性和可用性的保护。计算机网络安全的具体含义，用户的变化，不同的用户对网络安全的认识和要求会有所不同。从普通用户的角度来看，只能希望，个人隐私或机密信息的传输网络上的受到保护，防止窃听，篡改和伪造;和网络提供商除了关心这些网络信息安全，我们还必须考虑如何处理突发自然灾害，如军事打击破坏网络硬件，以及网络中的不寻常如何还原网络通讯，并保持连续性的网络通信。 从本质上讲，网络安全，包括组成的网络硬件，软件和网络传输的信息安全，使他们不因意外或恶意攻击的破坏双方的技术方面的网络安全问题，有管理的问题，双方互为补充，是不可或缺的。人为的网络入侵和攻击使网络安全面临新的挑战。 其次，计算机网络安全现状 计算机网络安全是网络硬件，软件和数据系统免遭意外或恶意破坏的原因，改建，披露，该系统连续，可靠，正常运行的网络服务不中断。计算机和网络技术的复杂性和多样性，使计算机和网络安全已经成为一个需要继续更新和改善该地区。目前，黑客攻击方法已超过计算机病毒的类型，而且许多攻击是致命的。在互联网络，因为互联网没有时间和地域的限制，只要有一个手段产生新的攻击，我们可以在一个星期在世界各地，这些攻击是指利用网络和系统漏洞攻击计算机系统并造成网络瘫痪。蠕虫，后门（回门） ，骗局，司（ denialofservices ）和sniffer （网络监视器）是一个人们熟悉的手段，一些黑客的攻击。然而，这些攻击手段，他们反映了惊人的力量，今天变得更为严重。这些类型的攻击手段的新变种，与以往的攻击方法，更智能化，更针对以互联网为基础的协议和操作系统的水平。来自网络的过程控制程序的内核级根。黑客的做法不断升级改造，给用户的能力，防范信息安全的挑战。 第三，计算机网络的安全防范措施 1 ，加强内部网络的管理和利用工作人员的安全意识，许多计算机系统常用的密码，访问控制系统资源，这是反病毒过程中，最脆弱和最经济的方法。网络管理员和码头经营特权按照自己的责任，选择不同的密码，应用数据的合法操作，防止未经授权的用户访问数据和使用网络资源。 在网络上，软件的安装和管